Persistent Classification: A New Approach to Stability of Data and Adversarial Examples Article Swipe

PDF

Brian Bell , Michaël Geyer , David Glickenstein , Keaton Hamm , Carlos Scheidegger , Amanda Fernandez , Juston Moore ·

YOU? · · 2024 · Open Access · · DOI: https://doi.org/10.48550/arxiv.2404.08069

There are a number of hypotheses underlying the existence of adversarial examples for classification problems. These include the high-dimensionality of the data, high codimension in the ambient space of the data manifolds of interest, and that the structure of machine learning models may encourage classifiers to develop decision boundaries close to data points. This article proposes a new framework for studying adversarial examples that does not depend directly on the distance to the decision boundary. Similarly to the smoothed classifier literature, we define a (natural or adversarial) data point to be $(γ,σ)$-stable if the probability of the same classification is at least $γ$ for points sampled in a Gaussian neighborhood of the point with a given standard deviation $σ$. We focus on studying the differences between persistence metrics along interpolants of natural and adversarial points. We show that adversarial examples have significantly lower persistence than natural examples for large neural networks in the context of the MNIST and ImageNet datasets. We connect this lack of persistence with decision boundary geometry by measuring angles of interpolants with respect to decision boundaries. Finally, we connect this approach with robustness by developing a manifold alignment gradient metric and demonstrating the increase in robustness that can be achieved when training with the addition of this metric.

Related Topics

Computer Science

Artificial Intelligence

Machine Learning

Concepts

Adversarial system Stability (learning theory) Computer science Artificial intelligence Machine learning

Metadata

Type: preprint
Language: en
Landing Page: http://arxiv.org/abs/2404.08069
PDF: https://arxiv.org/pdf/2404.08069
OA Status: green
Related Works: 10
OpenAlex ID: https://openalex.org/W4394838720

All OpenAlex metadata

Raw OpenAlex JSON

OpenAlex ID: https://openalex.org/W4394838720

Canonical identifier for this work in OpenAlex
DOI: https://doi.org/10.48550/arxiv.2404.08069

Digital Object Identifier
Title: Persistent Classification: A New Approach to Stability of Data and Adversarial Examples

Work title
Type: preprint

OpenAlex work type
Language: en

Primary language
Publication year: 2024

Year of publication
Publication date: 2024-04-11

Full publication date if available
Authors: Brian Bell, Michaël Geyer, David Glickenstein, Keaton Hamm, Carlos Scheidegger, Amanda Fernandez, Juston Moore

List of authors in order
Landing page: https://arxiv.org/abs/2404.08069

Publisher landing page
PDF URL: https://arxiv.org/pdf/2404.08069

Direct link to full text PDF
Open access: Yes

Whether a free full text is available
OA status: green

Open access status per OpenAlex
OA URL: https://arxiv.org/pdf/2404.08069

Direct OA link when available
Concepts: Adversarial system, Stability (learning theory), Computer science, Artificial intelligence, Machine learning

Top concepts (fields/topics) attached by OpenAlex
Cited by: 0

Total citation count in OpenAlex
Related works (count): 10

Other works algorithmically related by OpenAlex

Full payload

id	https://openalex.org/W4394838720
doi	https://doi.org/10.48550/arxiv.2404.08069
ids.doi	https://doi.org/10.48550/arxiv.2404.08069
ids.openalex	https://openalex.org/W4394838720
fwci
type	preprint
title	Persistent Classification: A New Approach to Stability of Data and Adversarial Examples
biblio.issue
biblio.volume
biblio.last_page
biblio.first_page
topics[0].id	https://openalex.org/T11689
topics[0].field.id	https://openalex.org/fields/17
topics[0].field.display_name	Computer Science
topics[0].score	0.9861000180244446
topics[0].domain.id	https://openalex.org/domains/3
topics[0].domain.display_name	Physical Sciences
topics[0].subfield.id	https://openalex.org/subfields/1702
topics[0].subfield.display_name	Artificial Intelligence
topics[0].display_name	Adversarial Robustness in Machine Learning
is_xpac	False
apc_list
apc_paid
concepts[0].id	https://openalex.org/C37736160
concepts[0].level	2
concepts[0].score	0.8917567729949951
concepts[0].wikidata	https://www.wikidata.org/wiki/Q1801315
concepts[0].display_name	Adversarial system
concepts[1].id	https://openalex.org/C112972136
concepts[1].level	2
concepts[1].score	0.6427765488624573
concepts[1].wikidata	https://www.wikidata.org/wiki/Q7595718
concepts[1].display_name	Stability (learning theory)
concepts[2].id	https://openalex.org/C41008148
concepts[2].level	0
concepts[2].score	0.47121065855026245
concepts[2].wikidata	https://www.wikidata.org/wiki/Q21198
concepts[2].display_name	Computer science
concepts[3].id	https://openalex.org/C154945302
concepts[3].level	1
concepts[3].score	0.3822711706161499
concepts[3].wikidata	https://www.wikidata.org/wiki/Q11660
concepts[3].display_name	Artificial intelligence
concepts[4].id	https://openalex.org/C119857082
concepts[4].level	1
concepts[4].score	0.3220454454421997
concepts[4].wikidata	https://www.wikidata.org/wiki/Q2539
concepts[4].display_name	Machine learning
keywords[0].id	https://openalex.org/keywords/adversarial-system
keywords[0].score	0.8917567729949951
keywords[0].display_name	Adversarial system
keywords[1].id	https://openalex.org/keywords/stability
keywords[1].score	0.6427765488624573
keywords[1].display_name	Stability (learning theory)
keywords[2].id	https://openalex.org/keywords/computer-science
keywords[2].score	0.47121065855026245
keywords[2].display_name	Computer science
keywords[3].id	https://openalex.org/keywords/artificial-intelligence
keywords[3].score	0.3822711706161499
keywords[3].display_name	Artificial intelligence
keywords[4].id	https://openalex.org/keywords/machine-learning
keywords[4].score	0.3220454454421997
keywords[4].display_name	Machine learning
language	en
locations[0].id	pmh:oai:arXiv.org:2404.08069
locations[0].is_oa	True
locations[0].source.id	https://openalex.org/S4306400194
locations[0].source.issn
locations[0].source.type	repository
locations[0].source.is_oa	True
locations[0].source.issn_l
locations[0].source.is_core	False
locations[0].source.is_in_doaj	False
locations[0].source.display_name	arXiv (Cornell University)
locations[0].source.host_organization	https://openalex.org/I205783295
locations[0].source.host_organization_name	Cornell University
locations[0].source.host_organization_lineage	https://openalex.org/I205783295
locations[0].license
locations[0].pdf_url	https://arxiv.org/pdf/2404.08069
locations[0].version	submittedVersion
locations[0].raw_type	text
locations[0].license_id
locations[0].is_accepted	False
locations[0].is_published	False
locations[0].raw_source_name
locations[0].landing_page_url	http://arxiv.org/abs/2404.08069
locations[1].id	doi:10.48550/arxiv.2404.08069
locations[1].is_oa	True
locations[1].source.id	https://openalex.org/S4306400194
locations[1].source.issn
locations[1].source.type	repository
locations[1].source.is_oa	True
locations[1].source.issn_l
locations[1].source.is_core	False
locations[1].source.is_in_doaj	False
locations[1].source.display_name	arXiv (Cornell University)
locations[1].source.host_organization	https://openalex.org/I205783295
locations[1].source.host_organization_name	Cornell University
locations[1].source.host_organization_lineage	https://openalex.org/I205783295
locations[1].license	cc-by
locations[1].pdf_url
locations[1].version
locations[1].raw_type	article
locations[1].license_id	https://openalex.org/licenses/cc-by
locations[1].is_accepted	False
locations[1].is_published
locations[1].raw_source_name
locations[1].landing_page_url	https://doi.org/10.48550/arxiv.2404.08069
indexed_in	arxiv, datacite
authorships[0].author.id	https://openalex.org/A5047592199
authorships[0].author.orcid	https://orcid.org/0000-0001-8577-7430
authorships[0].author.display_name	Brian Bell
authorships[0].author_position	first
authorships[0].raw_author_name	Bell, Brian
authorships[0].is_corresponding	False
authorships[1].author.id	https://openalex.org/A5013291349
authorships[1].author.orcid	https://orcid.org/0000-0003-0085-2521
authorships[1].author.display_name	Michaël Geyer
authorships[1].author_position	middle
authorships[1].raw_author_name	Geyer, Michael
authorships[1].is_corresponding	False
authorships[2].author.id	https://openalex.org/A5039063170
authorships[2].author.orcid	https://orcid.org/0000-0002-9238-0973
authorships[2].author.display_name	David Glickenstein
authorships[2].author_position	middle
authorships[2].raw_author_name	Glickenstein, David
authorships[2].is_corresponding	False
authorships[3].author.id	https://openalex.org/A5064380948
authorships[3].author.orcid	https://orcid.org/0000-0003-0719-6045
authorships[3].author.display_name	Keaton Hamm
authorships[3].author_position	middle
authorships[3].raw_author_name	Hamm, Keaton
authorships[3].is_corresponding	False
authorships[4].author.id	https://openalex.org/A5035997603
authorships[4].author.orcid	https://orcid.org/0009-0006-9163-6136
authorships[4].author.display_name	Carlos Scheidegger
authorships[4].author_position	middle
authorships[4].raw_author_name	Scheidegger, Carlos
authorships[4].is_corresponding	False
authorships[5].author.id	https://openalex.org/A5019279166
authorships[5].author.orcid	https://orcid.org/0000-0003-2397-0838
authorships[5].author.display_name	Amanda Fernandez
authorships[5].author_position	middle
authorships[5].raw_author_name	Fernandez, Amanda
authorships[5].is_corresponding	False
authorships[6].author.id	https://openalex.org/A5009409937
authorships[6].author.orcid	https://orcid.org/0000-0003-2515-3647
authorships[6].author.display_name	Juston Moore
authorships[6].author_position	last
authorships[6].raw_author_name	Moore, Juston
authorships[6].is_corresponding	False
has_content.pdf	False
has_content.grobid_xml	False
is_paratext	False
open_access.is_oa	True
open_access.oa_url	https://arxiv.org/pdf/2404.08069
open_access.oa_status	green
open_access.any_repository_has_fulltext	False
created_date	2025-10-10T00:00:00
display_name	Persistent Classification: A New Approach to Stability of Data and Adversarial Examples
has_fulltext	False
is_retracted	False
updated_date	2025-11-06T06:51:31.235846
primary_topic.id	https://openalex.org/T11689
primary_topic.field.id	https://openalex.org/fields/17
primary_topic.field.display_name	Computer Science
primary_topic.score	0.9861000180244446
primary_topic.domain.id	https://openalex.org/domains/3
primary_topic.domain.display_name	Physical Sciences
primary_topic.subfield.id	https://openalex.org/subfields/1702
primary_topic.subfield.display_name	Artificial Intelligence
primary_topic.display_name	Adversarial Robustness in Machine Learning
related_works	https://openalex.org/W2961085424, https://openalex.org/W4306674287, https://openalex.org/W3046775127, https://openalex.org/W3107602296, https://openalex.org/W3170094116, https://openalex.org/W4386462264, https://openalex.org/W4364306694, https://openalex.org/W4312192474, https://openalex.org/W4283697347, https://openalex.org/W4210805261
cited_by_count	0
locations_count	2
best_oa_location.id	pmh:oai:arXiv.org:2404.08069
best_oa_location.is_oa	True
best_oa_location.source.id	https://openalex.org/S4306400194
best_oa_location.source.issn
best_oa_location.source.type	repository
best_oa_location.source.is_oa	True
best_oa_location.source.issn_l
best_oa_location.source.is_core	False
best_oa_location.source.is_in_doaj	False
best_oa_location.source.display_name	arXiv (Cornell University)
best_oa_location.source.host_organization	https://openalex.org/I205783295
best_oa_location.source.host_organization_name	Cornell University
best_oa_location.source.host_organization_lineage	https://openalex.org/I205783295
best_oa_location.license
best_oa_location.pdf_url	https://arxiv.org/pdf/2404.08069
best_oa_location.version	submittedVersion
best_oa_location.raw_type	text
best_oa_location.license_id
best_oa_location.is_accepted	False
best_oa_location.is_published	False
best_oa_location.raw_source_name
best_oa_location.landing_page_url	http://arxiv.org/abs/2404.08069
primary_location.id	pmh:oai:arXiv.org:2404.08069
primary_location.is_oa	True
primary_location.source.id	https://openalex.org/S4306400194
primary_location.source.issn
primary_location.source.type	repository
primary_location.source.is_oa	True
primary_location.source.issn_l
primary_location.source.is_core	False
primary_location.source.is_in_doaj	False
primary_location.source.display_name	arXiv (Cornell University)
primary_location.source.host_organization	https://openalex.org/I205783295
primary_location.source.host_organization_name	Cornell University
primary_location.source.host_organization_lineage	https://openalex.org/I205783295
primary_location.license
primary_location.pdf_url	https://arxiv.org/pdf/2404.08069
primary_location.version	submittedVersion
primary_location.raw_type	text
primary_location.license_id
primary_location.is_accepted	False
primary_location.is_published	False
primary_location.raw_source_name
primary_location.landing_page_url	http://arxiv.org/abs/2404.08069
publication_date	2024-04-11
publication_year	2024
referenced_works_count	0
abstract_inverted_index.a	2, 56, 83, 107, 114, 189
abstract_inverted_index.We	119, 135, 160
abstract_inverted_index.at	100
abstract_inverted_index.be	90, 202
abstract_inverted_index.by	170, 187
abstract_inverted_index.if	92
abstract_inverted_index.in	24, 106, 151, 198
abstract_inverted_index.is	99
abstract_inverted_index.of	4, 9, 19, 28, 32, 38, 95, 110, 130, 154, 164, 173, 209
abstract_inverted_index.on	68, 121
abstract_inverted_index.or	85
abstract_inverted_index.to	45, 50, 71, 76, 89, 177
abstract_inverted_index.we	81, 181
abstract_inverted_index.and	34, 132, 157, 194
abstract_inverted_index.are	1
abstract_inverted_index.can	201
abstract_inverted_index.for	12, 59, 103, 147
abstract_inverted_index.may	42
abstract_inverted_index.new	57
abstract_inverted_index.not	65
abstract_inverted_index.the	7, 17, 20, 25, 29, 36, 69, 72, 77, 93, 96, 111, 123, 152, 155, 196, 207
abstract_inverted_index.$γ$	102
abstract_inverted_index.This	53
abstract_inverted_index.data	30, 51, 87
abstract_inverted_index.does	64
abstract_inverted_index.have	140
abstract_inverted_index.high	22
abstract_inverted_index.lack	163
abstract_inverted_index.same	97
abstract_inverted_index.show	136
abstract_inverted_index.than	144
abstract_inverted_index.that	35, 63, 137, 200
abstract_inverted_index.this	162, 183, 210
abstract_inverted_index.when	204
abstract_inverted_index.with	113, 166, 175, 185, 206
abstract_inverted_index.$σ$.	118
abstract_inverted_index.MNIST	156
abstract_inverted_index.There	0
abstract_inverted_index.These	15
abstract_inverted_index.along	128
abstract_inverted_index.close	49
abstract_inverted_index.data,	21
abstract_inverted_index.focus	120
abstract_inverted_index.given	115
abstract_inverted_index.large	148
abstract_inverted_index.least	101
abstract_inverted_index.lower	142
abstract_inverted_index.point	88, 112
abstract_inverted_index.space	27
abstract_inverted_index.angles	172
abstract_inverted_index.define	82
abstract_inverted_index.depend	66
abstract_inverted_index.metric	193
abstract_inverted_index.models	41
abstract_inverted_index.neural	149
abstract_inverted_index.number	3
abstract_inverted_index.points	104
abstract_inverted_index.ambient	26
abstract_inverted_index.article	54
abstract_inverted_index.between	125
abstract_inverted_index.connect	161, 182
abstract_inverted_index.context	153
abstract_inverted_index.develop	46
abstract_inverted_index.include	16
abstract_inverted_index.machine	39
abstract_inverted_index.metric.	211
abstract_inverted_index.metrics	127
abstract_inverted_index.natural	131, 145
abstract_inverted_index.points.	52, 134
abstract_inverted_index.respect	176
abstract_inverted_index.sampled	105
abstract_inverted_index.(natural	84
abstract_inverted_index.Finally,	180
abstract_inverted_index.Gaussian	108
abstract_inverted_index.ImageNet	158
abstract_inverted_index.achieved	203
abstract_inverted_index.addition	208
abstract_inverted_index.approach	184
abstract_inverted_index.boundary	168
abstract_inverted_index.decision	47, 73, 167, 178
abstract_inverted_index.directly	67
abstract_inverted_index.distance	70
abstract_inverted_index.examples	11, 62, 139, 146
abstract_inverted_index.geometry	169
abstract_inverted_index.gradient	192
abstract_inverted_index.increase	197
abstract_inverted_index.learning	40
abstract_inverted_index.manifold	190
abstract_inverted_index.networks	150
abstract_inverted_index.proposes	55
abstract_inverted_index.smoothed	78
abstract_inverted_index.standard	116
abstract_inverted_index.studying	60, 122
abstract_inverted_index.training	205
abstract_inverted_index.Similarly	75
abstract_inverted_index.alignment	191
abstract_inverted_index.boundary.	74
abstract_inverted_index.datasets.	159
abstract_inverted_index.deviation	117
abstract_inverted_index.encourage	43
abstract_inverted_index.existence	8
abstract_inverted_index.framework	58
abstract_inverted_index.interest,	33
abstract_inverted_index.manifolds	31
abstract_inverted_index.measuring	171
abstract_inverted_index.problems.	14
abstract_inverted_index.structure	37
abstract_inverted_index.boundaries	48
abstract_inverted_index.classifier	79
abstract_inverted_index.developing	188
abstract_inverted_index.hypotheses	5
abstract_inverted_index.robustness	186, 199
abstract_inverted_index.underlying	6
abstract_inverted_index.adversarial	10, 61, 133, 138
abstract_inverted_index.boundaries.	179
abstract_inverted_index.classifiers	44
abstract_inverted_index.codimension	23
abstract_inverted_index.differences	124
abstract_inverted_index.literature,	80
abstract_inverted_index.persistence	126, 143, 165
abstract_inverted_index.probability	94
abstract_inverted_index.adversarial)	86
abstract_inverted_index.interpolants	129, 174
abstract_inverted_index.neighborhood	109
abstract_inverted_index.demonstrating	195
abstract_inverted_index.significantly	141
abstract_inverted_index.classification	13, 98
abstract_inverted_index.$(γ,σ)$-stable	91
abstract_inverted_index.high-dimensionality	18
cited_by_percentile_year
countries_distinct_count	0
institutions_distinct_count	7
citation_normalized_percentile